Outdated plugins reported with `npm audit`

[Vlasterx]

Hello,

command npm audit is reporting that some outdated plugins are found in panini npm package.

  Low             Regular Expression Denial of Service                          

  Package         braces                                                        

  Patched in      >=2.3.1                                                       

  Dependency of   panini [dev]                                                  

  Path            panini > vinyl-fs > glob-stream > micromatch > braces         

  More info       https://npmjs.com/advisories/786                              

  Moderate        Regular Expression Denial of Service                          

  Package         marked                                                        

  Patched in      >=0.6.2                                                       

  Dependency of   panini [dev]                                                  

  Path            panini > marked                                               

  More info       https://npmjs.com/advisories/812 

Is it possible to update those?

[cssninjaStudio]

Anything new about this issue ?

[Vlasterx]

I've cloned a repo and found a huge number of outdated dependencies. Commits, apart from one attempt to solve outdated plugins, are from several years ago, which is a real shame. This is a great static HTML generator, much better than the other ones around, like Metalsmith, but the project seems dead. :(

[cssninjaStudio]

I was able to fix most of the broken dependencies beside marked and braces packages. It’s ok that the last commit is old as it still works good with tools like gulp4. The only thing would be if Foundation/zurb can update those packages and push an updated version. That would fix everything. And indeed, this the best flat file compiler around.

[DanielRuf]

We will update it then. warnings are not critical as long as it still works.